A Security Architecture for Computational Grids Ian Foster, Carl Kesselman, Gene Tsudik, Steven Tuecke Reporter : Po - Jen Lo.


1 A Security Architecture for Computational Grids Ian Foster, Carl Kesselman, Gene Tsudik, Steven Tuecke Reporter : Po - Jen Lo

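2 2008-05-07 P - J - L Abstract
- The main problem this paper addresses is that each domain has its own authentication mechanism: how can a user work across different domains without having to authenticate repeatedly?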

3 Outline
1. Introduction
2. Security Requirements
3. Grid Security Architecture
4. Implementation
5. Conclusion

4 Introduction
- The interdomain security solutions used for grids must be able to interoperate with, rather than replace, the diverse intradomain access control technologies inevitably encountered in individual domains.
- We propose a security policy for grid systems that addresses requirements for single sign-on, interoperability with local policies, and dynamically varying resource requirements.

5 Introduction (Cont.)
- This policy focuses on authentication of users, resources, and processes and supports user-to-resource, resource-to-user, process-to-resource, and process-to-process authentication.

6 The Grid Security Problem

7 Security Requirements
- Grid systems and applications may require any or all of the standard security functions
  - including authentication, access control, integrity, privacy, and nonrepudiation
- Provide authentication solutions that allow a user, the processes that comprise a user's computation, and the resources used by those processes, to verify each other's identity
- Allow local access control mechanisms to be applied without change, whenever possible

8 Security Requirements (Cont.)
- Single sign-on
- Protection of credentials
- Interoperability with local security solutions
- Exportability
- Uniform credentials/certification infrastructure
- Support for secure group communication
- Support for multiple implementations

9 Grid Security Architecture
- User Proxy Creation Protocol
- Resource Allocation Protocol
- Resource Allocation from a Process Protocol
- Mapping Registration Protocol

10 Grid Security Architecture (Cont.)

11 Implementation
- GSI was developed as part of the Globus project, whose goals are to:
  - understand the basic infrastructure required to support the execution of a wide range of computational grid applications
  - build prototype implementations of this infrastructure
  - evaluate applications on large-scale testbeds

12 Implementation (Cont.)
- Use of the Generic Security Services Application Programming Interface (GSS-API)
  - GSS-API allows us to construct GSI simply by transcribing the grid security protocols into GSS calls

13 Implementation (Cont.)
- Use of the Generic Security Services Application Programming Interface (GSS-API)
  - GSS-API bindings have been defined for several mechanisms:
    - One based on plaintext passwords: this implementation was designed to support system debugging and small-scale deployment
    - One based on X.509 certificates: this implementation is used for wide-area "production" use
  - The flexibility of our GSS-API implementation allows us to switch between public key and plaintext versions of Globus without changing a single line of Globus code
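The mechanism independence described on slides 12 and 13, as an added example that is not part of the original slides or the Globus code: a toy Python model of the GSS-API token loop. The class and function names are hypothetical, and an HMAC challenge-response stands in for the X.509 mechanism.

```python
import hashlib, hmac, os

class PlaintextMech:
    """Debug-grade mechanism: the single client token is the secret itself."""
    def __init__(self, secret):
        self.secret = secret
    def init_step(self, tok):
        if tok is None:
            return self.secret, None          # send password, still in progress
        return None, tok == b"OK"             # peer's verdict ends the exchange
    def accept_step(self, tok):
        ok = hmac.compare_digest(tok, self.secret)
        return (b"OK" if ok else b"NO"), ok

class ChallengeMech:
    """Stand-in for a key-based mechanism: prove key possession over a nonce."""
    def __init__(self, key):
        self.key, self.nonce, self.sent = key, None, 0
    def _mac(self, nonce):
        return hmac.new(self.key, nonce, hashlib.sha256).digest()
    def init_step(self, tok):
        self.sent += 1
        if self.sent == 1:
            return b"HELLO", None             # ask the acceptor for a challenge
        if self.sent == 2:
            return self._mac(tok), None       # tok is the acceptor's nonce
        return None, tok == b"OK"
    def accept_step(self, tok):
        if self.nonce is None:
            self.nonce = os.urandom(16)       # fresh challenge per context
            return self.nonce, None
        ok = hmac.compare_digest(tok, self._mac(self.nonce))
        return (b"OK" if ok else b"NO"), ok

def establish(initiator, acceptor):
    """Application code: relays opaque tokens and never inspects them."""
    wire, tok, i_ok, a_ok = [], None, None, None
    while i_ok is None or a_ok is None:
        tok, i_ok = initiator.init_step(tok)
        if tok is None:                       # initiator has nothing more to send
            break
        wire.append(tok)
        tok, a_ok = acceptor.accept_step(tok)
        wire.append(tok)
    return bool(i_ok and a_ok), wire

SECRET = b"constructed-sample-secret"         # constructed sample value
```

`establish` is identical for both mechanisms: the plaintext exchange puts the secret on the wire as its first token, while the challenge-response exchange takes four tokens and never transmits it.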

14 Implementation (Cont.)
- Support for Public Key Technology in GSI
  - The GSI implementation currently uses the authentication protocols defined by the Secure Socket Library (SSL) protocol
  - It is possible to separate the authentication and communication components of SSL
  - To avoid confusion between the SSL authentication protocol and the SSL communication library, the term SSL Authentication Protocol (SAP) is used to refer specifically to the authentication elements of SSL

15 Implementation (Cont.)
- Support for Public Key Technology in GSI
  - There exists a high-quality, public-domain implementation of the SSL protocol (SSLeay), developed outside of the United States and hence avoiding export control issues.
  - SSLeay is structured in a way that allows a token stream to be extracted easily, thus making the GSS implementation straightforward.

16 Implementation (Cont.)
- Support for Public Key Technology in GSI
  - SSL is widely adopted as the method of choice for authentication and secure communication for a broad range of distributed services.
  - Consequently, a computation can use GSI to access not only Globus services, but also generic Web services.

17 Conclusions
- This implementation has been deployed on a national-scale testbed.
- The resource proxy enables interoperability with local security solutions, as the resource proxy can translate between interdomain and intradomain security solutions.
